按照以下示例,我使用密钥库和信任库成功创建了Web服务: http://www.maximporges.com/2009/11/18/configuring-tomcat-ssl-clientserver-authentication/
当我从Java文件中调用它时,就可以了。但是,如果我从它调用它会给出错误
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
我正在使用文件 R.raw.client 从client.jks导出进行连接。
谢谢任何能帮助我的人
这是我的代码:
public static Retrofit getInstance(Context context, String url) {
if (retrofit == null) {
synchronized (RetrofitClient.class) {
if (retrofit == null) {
SelfSignInClient signInClient = new SelfSignInClient(context);
retrofit = new Retrofit.Builder()
.baseUrl(url)
.client(signInClient.getOkHttpClient())
.addConverterFactory(GsonConverterFactory.create(gson))
.build();
}
}
}
return retrofit;
}
import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import okhttp3.OkHttpClient;
public class SelfSignInClient {
private Context context;
public SelfSignInClient(Context context) {
this.context = context;
}
public OkHttpClient getOkHttpClient() {
OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder();
Certificate certificate = getCertificate();
KeyStore keyStore = createKeyStoreTrustedCAs(certificate);
TrustManagerFactory managerFactory = createTrustManagerCAs(keyStore);
SSLContext sslContext = createSSLSocketFactory(managerFactory);
okHttpClient.sslSocketFactory(sslContext.getSocketFactory());
okHttpClient.hostnameVerifier(new HostnameVerifier() {
@Override public boolean verify(String hostname, SSLSession session) {
return hostname.equals("your_host_name");
}
});
// If you need an Interceptor to add some header
//okHttpClient.addInterceptor();
return okHttpClient.build();
}
// creating an SSLSocketFactory that uses our TrustManager
private SSLContext createSSLSocketFactory(TrustManagerFactory managerFactory) {
final String PROTOCOL = "TLS";
SSLContext sslContext = null;
try {
sslContext = SSLContext.getInstance(PROTOCOL);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
try {
assert sslContext != null;
sslContext.init(null, managerFactory.getTrustManagers(), null);
} catch (KeyManagementException e) {
e.printStackTrace();
}
return sslContext;
}
// creating a TrustManager that trusts the CAs in our KeyStore
private TrustManagerFactory createTrustManagerCAs(KeyStore keyStore) {
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory managerFactory = null;
try {
managerFactory = TrustManagerFactory.getInstance(tmfAlgorithm);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
try {
assert managerFactory != null;
managerFactory.init(keyStore);
} catch (KeyStoreException e) {
e.printStackTrace();
}
return managerFactory;
}
// creating a KeyStore containing our trusted CAs
private KeyStore createKeyStoreTrustedCAs(Certificate certificate) {
final String ALIAS_CA = "ca";
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = null;
try {
keyStore = KeyStore.getInstance(keyStoreType);
} catch (KeyStoreException e) {
e.printStackTrace();
}
try {
assert keyStore != null;
keyStore.load(null, null);
} catch (IOException | NoSuchAlgorithmException | CertificateException e) {
e.printStackTrace();
}
try {
keyStore.setCertificateEntry(ALIAS_CA, certificate);
} catch (KeyStoreException e) {
e.printStackTrace();
}
return keyStore;
}
// creating a Certificate
private Certificate getCertificate() {
Certificate certificate = null;
CertificateFactory certificateFactory = loadCertificateAuthorityFromResources();
InputStream inputStream = getCAFromResources();
try {
certificate = certificateFactory.generateCertificate(inputStream);
} catch (CertificateException e) {
e.printStackTrace();
}
return certificate;
}
// loading CAs from an InputStream
private CertificateFactory loadCertificateAuthorityFromResources() {
final String CERT_TYPE = "X.509";
InputStream certificateAuthority = getCAFromResources();
CertificateFactory certificateFactory = null;
try {
certificateFactory = CertificateFactory.getInstance(CERT_TYPE);
} catch (CertificateException e) {
e.printStackTrace();
}
try {
assert certificateFactory != null;
certificateFactory.generateCertificate(certificateAuthority);
} catch (CertificateException e) {
e.printStackTrace();
} finally {
try {
certificateAuthority.close();
} catch (IOException e) {
e.printStackTrace();
}
}
return certificateFactory;
}
// loading CAs from Resources
// save your certificate.crt on raw package in your resources
private InputStream getCAFromResources() {
return context.getResources().openRawResource(R.raw.client);
}
}